validate import sheet name

2018-06-27 17:01:26 +03:00
parent 5b147834ad
commit e7c7a472c1
4 changed files with 53 additions and 6 deletions
--- a/app/Http/Controllers/Expenses/Bills.php
+++ b/app/Http/Controllers/Expenses/Bills.php
@@ -275,9 +275,21 @@ class Bills extends Controller
    {
        $success = true;

+        $allowed_sheets = ['bills', 'bill_items', 'bill_histories', 'bill_payments', 'bill_totals'];
+
        // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
-            $slug = 'Expense\\' . str_singular(studly_case($sheet->getTitle()));
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Expense\\' . str_singular(studly_case($sheet_title));

            if (!$success = Import::createFromSheet($sheet, $slug)) {
                return false;
--- a/app/Http/Controllers/Incomes/Invoices.php
+++ b/app/Http/Controllers/Incomes/Invoices.php
@@ -296,9 +296,21 @@ class Invoices extends Controller
    {
        $success = true;

+        $allowed_sheets = ['invoices', 'invoice_items', 'invoice_histories', 'invoice_payments', 'invoice_totals'];
+
        // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
-            $slug = 'Income\\' . str_singular(studly_case($sheet->getTitle()));
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Income\\' . str_singular(studly_case($sheet_title));

            if (!$success = Import::createFromSheet($sheet, $slug)) {
                return false;
--- a/app/Utilities/Import.php
+++ b/app/Utilities/Import.php
@@ -13,6 +13,14 @@ class Import

        // Loop through all sheets
        $import->each(function ($sheet) use (&$success, $slug) {
+            if (!static::isValidSheetName($sheet, $slug)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
            if (!$success = static::createFromSheet($sheet, $slug)) {
                return false;
            }
@@ -46,7 +54,7 @@ class Import

                $model::create($data);
            } catch (ValidationException $e) {
-                $message = trans('messages.error.import_failed', [
+                $message = trans('messages.error.import_column', [
                    'message' => $e->validator->errors()->first(),
                    'sheet' => $sheet->getTitle(),
                    'line' => $index + 2,
@@ -69,4 +77,18 @@ class Import
        return $success;
    }

+    public static function isValidSheetName($sheet, $slug)
+    {
+        $t = explode('\\', $slug);
+
+        if (empty($t[1])) {
+            return false;
+        }
+
+        if ($sheet->getTitle() != str_plural(snake_case($t[1]))) {
+            return false;
+        }
+
+        return true;
+    }
 }